summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Sanitize sysdb search filters in the IPA providerStephen Gallagher2010-11-151-2/+17
|
* Sanitize search filters for the sysdbStephen Gallagher2010-11-151-6/+39
|
* Add sysdb utility function for sanitizing DNStephen Gallagher2010-11-152-0/+27
|
* Add utility function to sanitize LDAP/LDB filtersStephen Gallagher2010-11-153-0/+131
| | | | Also adds a unit test.
* Properly check the return value from semanage_commitStephen Gallagher2010-11-051-2/+2
| | | | | | | semanage_commit() returns -1 on error, and can return a positive value on success. https://bugzilla.redhat.com/show_bug.cgi?id=649037
* Review comments for namingContexts patchesSumit Bose2010-11-053-23/+17
|
* Handle errors during log reopening betterStephen Gallagher2010-11-052-3/+30
|
* Make ldap_search_base a non-mandatory optionSumit Bose2010-11-043-39/+46
|
* Use (default)namingContext to set empty search basesSumit Bose2010-11-044-1/+117
|
* Add defaultNamingContext to RootDSE attributesSumit Bose2010-11-042-0/+3
|
* Call krb5_child to check access permissionsSumit Bose2010-11-042-4/+129
|
* Make handle_child_* request publicSumit Bose2010-11-044-326/+432
| | | | | | I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
* Add krb5_kuserok() access check to krb5_childSumit Bose2010-11-041-17/+73
|
* Make krb5_setup() publicSumit Bose2010-11-043-6/+8
|
* Add krb5_get_simple_upn()Sumit Bose2010-11-043-6/+30
|
* Add infrastructure for Kerberos access providerSumit Bose2010-11-045-27/+187
|
* Store krb5 auth context for other targetsSumit Bose2010-11-041-1/+2
|
* Don't clean up groups for which a user has it as primary GIDStephen Gallagher2010-11-041-2/+15
| | | | | | | | | | We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624
* Fix two return value checksSumit Bose2010-11-011-2/+2
|
* Fix misused SDAP_SEARCH_BASEMoritz Baumann2010-11-011-1/+1
|
* Fix incorrect free of req in krb5_auth.cStephen Gallagher2010-11-011-1/+1
|
* Mention ding-libs in BUILD.txtSumit Bose2010-10-271-33/+11
|
* Allow authentication for referralsSumit Bose2010-10-271-0/+193
|
* Bumping version to 1.5.0 devStephen Gallagher2010-10-261-1/+1
|
* Always use uint32_t for UID/GID numbersJakub Hrozek2010-10-269-50/+44
|
* Improve versioning for automated buildsStephen Gallagher2010-10-261-5/+5
| | | | | | Also changes 'make srpms' and 'make prerelease-srpms' to 'make srpm' and 'make prerelease-srpm', as we are only building one SRPM.
* Fix double free issueSumit Bose2010-10-261-2/+2
|
* Always use talloc_zero() to allocate cmdctxSumit Bose2010-10-262-3/+3
|
* Remove all nss requests after a reconnectSumit Bose2010-10-263-1/+26
| | | | | | | Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing.
* Implement netgroups for proxy providerSumit Bose2010-10-254-2/+144
|
* Add netgroups infrastructure to proxy providerSumit Bose2010-10-253-0/+42
|
* Download only enabled IPA HBAC rulesSumit Bose2010-10-221-1/+3
|
* Add some missing ldap_memfree()Sumit Bose2010-10-222-3/+6
|
* Add ldap_deref optionSumit Bose2010-10-2210-3/+103
|
* Updating uk translationYuri Chornoivan2010-10-221-8/+6
|
* Write log opening failures to the syslogStephen Gallagher2010-10-193-2/+5
| | | | | If there is a problem with reopening the logs, it can be an audit trail issue.
* Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny2010-10-1912-10/+79
| | | | | | | | For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
* Updating pl translationPiotr Drąg2010-10-191-5/+3
|
* Updating version for SSSD 1.4.0 releasesssd-1_4_0Stephen Gallagher2010-10-181-1/+1
|
* Fix 'make distcheck' for XML documentationStephen Gallagher2010-10-181-1/+1
| | | | | A missing $(srcdir) variable was preventing 'make distcheck' from working if run from a parallel build directory.
* Updating translation files for releaseStephen Gallagher2010-10-1814-3178/+3420
|
* Move all references to ldap_<entity>_search_base to "advanced" sectionJan Zeleny2010-10-182-44/+52
| | | | | | | The <entity> can be one of user, group or netgroup. The references were removed from example configuration and they were moved from section Configuration options to section Advanced options. Ticket: #607
* set in_transaction explicitly to falseJakub Hrozek2010-10-181-1/+1
|
* Use unsigned long for conversion to id_tJakub Hrozek2010-10-184-40/+22
| | | | | | | | We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead.
* Add proper nested initgroup support for RFC2307bis serversStephen Gallagher2010-10-181-3/+761
|
* Modify sysdb_[add|remove]_group_member to accept users and groupsStephen Gallagher2010-10-184-44/+102
| | | | | | | | Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained.
* Handle nested groups in RFC2307bisStephen Gallagher2010-10-181-1/+776
| | | | | | | | This first approach handles the non-optimized "pure" RFC2307bis case. It recursively calls into nested groups until it it has found them all or hits the pre-defined nesting limit. It then saves all member users first, then all groups to the sysdb
* Make sdap_save_users_send handle zero users gracefullyStephen Gallagher2010-10-181-0/+5
| | | | | If we send a zero num_users value, we should just immediately return success, rather than starting a useless transaction
* Add option to limit nested groupsSimo Sorce2010-10-187-3/+24
|
* Save dummy member users during RFC2307 getgr{nam,gid}Jakub Hrozek2010-10-151-82/+279
|
generated by cgit (git 2.34.1) at 2024-06-23 12:49:42 +0000